Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea
May 24, 2024, 8:29 a.m.
Description
An investigation by Bitdefender Labs uncovered a previously unidentified cyber threat actor called Unfading Sea Haze. This group has systematically targeted high-level organizations across countries in the South China Sea region. The extensive analysis spanned several years, revealing their evolving tactics, malware arsenal, and ongoing persistence. The primary objective appears to be espionage, with a focus on data exfiltration and surveillance of military and government entities. Unfading Sea Haze employs a sophisticated array of custom malware tools, including variants of the Gh0st RAT family and techniques like DLL sideloading. Their recent shift towards modular, fileless payloads showcases their adaptability in evading detection.
Date
| Published | Created | Modified |
|---|---|---|
| May 24, 2024, 8:21 a.m. | May 24, 2024, 8:21 a.m. | May 24, 2024, 8:29 a.m. |
Indicators
93abcc4062a14ba3d3309fc5e8a910e81a4e3ce1bbbf5e6f7857779b6e76f43a
7587ca6b8163e3e5b05e4a9fc79ec19deee9c971e6f76adadc4d970c99cad4f3
6b5b8b12af21700a212d5ece27f065f8f9ed38b2969ad5dfaa790bc76754de6c
1116efd48ca01623bf385cd612f4da1eb9eeba0329e41d0e068bcd6557a46f8f
45.61.137.109
193.149.129.128
167.71.199.105
188.166.224.242
164.92.146.227
152.42.198.152
139.59.107.49
128.199.66.11
112.113.112.5
128.199.166.143
209.97.167.177
192.153.57.24
159.223.78.147
Attack Patterns
SilentGh0st
TranslucentGh0st
SharpJSHandler
Unfading Sea Haze
T1155
T1197
T1137
T1136
T1548
T1480
T1497
T1598
T1486
T1070
T1105
T1083
T1071
T1219
T1134
T1498
T1560
T1053
T1090
T1059